Tracked in March

Apr 15, 2005 07:41 GMT

OpenOffice.org has acknowledged and detailed a vulnerability in the OpenOffice application suite that, once exploited, allows a hacker to compromise a vulnerable system.

According to the producer's official site, the flaw was discovered at the end of March and was identified in the previous versions of OpenOffice 1.1.4 and in the beta release of OpenOffice version 2.0.

The flaw is caused by a bounds-checking error in the function StgCompObjStream::Load(), which is used to process .doc format files. This makes it possible to force a heap-based overflow, which allows malicious code to run on the system. For a successful attack, the hacker has to get the user to open, in a vulnerable version of OpenOffice, a "tinkered" document that contains modified header elements.
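The class of bug described above, seen from the defender's side, as an added example that is not OpenOffice.org code: a loader for a length-prefixed header field that validates the declared length before it allocates or copies. The field layout, `FIELD_MAX` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 256u  /* assumed upper bound for this field */

enum load_status { LOAD_OK = 0, LOAD_TRUNCATED, LOAD_TOO_LONG, LOAD_NOMEM };

/* Read a 32-bit little-endian value without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Load one field laid out as [u32 length][length bytes] (assumed layout).
 * The declared length comes from the file, so it is untrusted: it is
 * checked against FIELD_MAX and against the bytes actually present
 * before any allocation or copy. A heap overflow results when a loader
 * skips these checks and copies more bytes than the buffer it sized.
 */
enum load_status load_field(const uint8_t *in, size_t in_len,
                            uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (in_len < 4)
        return LOAD_TRUNCATED;        /* no room for the length prefix */
    uint32_t declared = rd_le32(in);
    if (declared > FIELD_MAX)
        return LOAD_TOO_LONG;         /* reject before allocating */
    if (declared > in_len - 4)
        return LOAD_TRUNCATED;        /* header claims more than the input holds */
    uint8_t *buf = malloc((size_t)declared + 1);  /* +1 for a terminator */
    if (buf == NULL)
        return LOAD_NOMEM;
    memcpy(buf, in + 4, declared);    /* copy size equals allocation size - 1 */
    buf[declared] = '\0';
    *out = buf;
    *out_len = declared;
    return LOAD_OK;
}
```

The allocation and the copy use the same validated value, so no later step can write past the end of the buffer.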

Security companies have rated this flaw as "pretty serious," and Secunia went even further and labeled it "moderately critical" because the attack requires human involvement to materialize.

Members of the OpenOffice community have announced that the flaw has been fixed by changing the source code. However, a patch for the security bug has not been released.

The open source community has often emphasized the possibility of viewing and changing the code to fix security bugs or to improve the solution. Unlike the system that guides this software segment, companies like Microsoft publish updates just once a month, and the released patches don't solve all of the security problems.